CERT-Developed Curricula and Course Materials

This curriculum, recognized by the IEEE Computer Society and ACM,
includes materials for undergraduate and graduate level programs.The CERT Cybersecurity Engineering team researches how to best address security and survivability throughout the development and acquisition lifecycles, especially in the early stages. This same team also develops curricula and educational materials that cover knowledge areas that link to their research in the following areas.

Protecting complex software systems against vulnerabilities and attacks is critical, so there is a growing demand for skilled professionals who can assure the security and correct functioning of software and systems. Recognizing the importance of software assurance education to meet this demand, CERT researchers are currently collaborating on a software assurance curriculum with a team of educators from Embry-Riddle Aeronautical University, (ISC)2, Stevens Institute of Technology, and Union College. This curriculum, recognized by the IEEE Computer Society and ACM,
includes materials for undergraduate and graduate level programs.

The Software Assurance Competency Model was developed to create a foundation for assessing and advancing the capability of software assurance professionals. Endorsed by IEEE Computer Society, this model helps organizations and individuals determine their SwA competency across a range of knowledge areas and units. It provides a span of competency levels 1 through 5 as well as a decomposition into individual competencies based on knowledge and skills. It is a framework that an organization can adapt to its particular domain, culture, or structure.

This course covers the fundamentals of incorporating assurance practices, methods, and technologies into software development and acquisition lifecycle processes and models. With this foundation, the course provides students with rigorous methods for software assurance requirements engineering in support of development and acquisition;using threat identification, characterization, and modeling;performing assurance risk assessment;and evaluating misuse/abuse cases.

This course covers the fundamentals of software and system assurance management, including risk assessment, identification, analysis, mitigation, and monitoring for assurance;compliance with laws, regulations, standards, and policies related to assurance;planning and managing development projects that include assurance practices;and, given this information, making the business case for assurance.

Software Assurance for Executives video modules and slide sets provide information and guidance on all stages of the software assurance lifecycle as well as emerging topics such as cloud computing and standards that support software assurance.

Lecture materials and artifacts in the following categories are available for use in a software assurance program or track: SQUARE, Secure Programming, Secure Software Management, Software Security Engineering, Case Studies, and Static Analysis for Software Quality.

Today's organizations rely on networked systems powered by fast-changing technology. This reliance makes them more vulnerable to attacks and forces system administrators to seek new approaches to computer and network security. To help them, the CERT Division has developed a downloadable three-course curriculum in survivability and information assurance (SIA). This curriculum offers a problem-solving methodology built on key SIA principles that are independent of specific technologies. These principles form the foundation of the CERT SIA Curriculum.

Ask Us How to Best Use These Materials

Contact us to discuss your needs and help you determine how best to use these materials.